As seen on Breach Forum, U.K. High Court Judge Stephen Morris has rejected a request by the U.S. to keep Diogo Santos Coelho (aka “Omni” of RaidForums) in jail while the U.S. appeals a magistrate judge’s decision to grant him conditional bail. Coelho was arrested in January 2022, but his arrest was not announced until…
Author: Dissent
NJ: SERV Behavioral Health System remains quiet about alleged ransomware attack in May
SERV Behavioral Health System in New Jersey provides Social, Educational, Residential, and Vocational services to children and adults with adults and children trying to cope with serious mental illness or a developmental disability. On May 26, their files were allegedly encrypted by Hive ransomware team. On July 14, Hive added SERV BHS to their leak…
Ransomware team hits Disability Help Group
One of the recent listings on a well-known ransomware leak site names a Florida law firm as their victim but they link to disabilityhelpgroup.com. That site, which offers what they describe as advocacy services for individuals seeking help in securing Social Security disability benefits or veterans’ disability benefits, does not display the law firm’s name…
Roundup: Four more breaches in the healthcare sector: Healthback Holdings, Zenith American Solutions, Bronx Accountable Healthcare Network, and Centerstone
On June 1, Healthback Holdings, LLC in Oklahoma discovered that they had been subject to a hacking incident that began in October 2021. “A limited number” of employee accounts were compromised. On July 29, Healthback notified HHS that 21,114 patients were affected. Their notice says that names, health insurance information, Social Security numbers, and clinical…
Class Action Targets Experian Over Account Security
Brian Krebs reports: A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts…
Microsoft accounts targeted with new MFA-bypassing phishing kit
Bill Toulas reports: A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s…